The Book of PF Erratum 02: Wrong syntax in ICMP example
--------------------------------------------------------------------
September 5th, 2015
The Book of PF, 3rd edition, page 39: Syntax error in rule sample
The rules example at the top of page 39 misplaces the icmp-type and icmp6-type arguments.
The rules that say
    pass inet proto icmp icmp-type $icmp_types from $localnet
    pass inet proto icmp icmp-type $icmp_types to $ext_if
and similarly for the icmp6-type argument for IPv6,
    pass inet6 proto icmp6 icmp6-type $icmp6_types from $localnet
    pass inet6 proto icmp6 icmp6-type $icmp6_types to $ext_if
will fail the pfctl syntax test, and a configuration containing those
rules will not load.
The icmp-type and icmp6-type arguments should be moved to
after the target designation. The correct form of these rules is:
    pass inet proto icmp from $localnet icmp-type $icmp_types
    pass inet proto icmp to $ext_if icmp-type $icmp_types
    pass inet6 proto icmp6 from $localnet icmp6-type $icmp6_types
    pass inet6 proto icmp6 to $ext_if icmp6-type $icmp6_types
Thanks to Joseph A Borg for making me aware of this error.
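
Added example, not from the book or its author: a small sh/awk filter that finds rules written in the misprinted page-39 form and moves the icmp-type or icmp6-type clause to after the from/to part. It assumes one rule per line with no trailing comment; the function name fix_icmp_order and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: move a misplaced icmp-type/icmp6-type clause to after the
# from/to part of a pf rule. Assumes one rule per line, no trailing comment.

# Reads pf.conf text on stdin, writes corrected text on stdout and notes
# each rewritten line on stderr. The function name is hypothetical.
fix_icmp_order() {
    awk '
    /^[ \t]*#/ { print; next }              # comment lines pass through
    {
        # Clause = keyword plus a macro, a single type, or a { list }.
        if (match($0, /icmp6?-type[ \t]+([{][^}]*[}]|[^ \t{][^ \t]*)/)) {
            clause = substr($0, RSTART, RLENGTH)
            head = substr($0, 1, RSTART - 1)
            tail = substr($0, RSTART + RLENGTH)
            # Misplaced only when from/to follows the clause directly.
            if (tail ~ /^[ \t]+(from|to)[ \t]/) {
                sub(/^[ \t]+/, "", tail)
                sub(/[ \t]+$/, "", tail)
                print "line " NR ": moved \"" clause "\"" > "/dev/stderr"
                print head tail " " clause
                next
            }
        }
        print
    }'
}

# Constructed sample ruleset: two rules in the misprinted form, one correct.
fix_icmp_order <<'EOF'
# ICMP rules
pass inet proto icmp icmp-type $icmp_types from $localnet
pass inet6 proto icmp6 icmp6-type { echoreq, unreach } to $ext_if
pass inet proto icmp to $ext_if icmp-type $icmp_types
EOF
```

Check the rewritten file with pfctl -nf before loading it; that parse remains the authoritative syntax test.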